Abstract

We propose a framework for distributed diagnosability analysis of concurrent systems modeled with Petri nets as a collection of components synchronizing on common observable transitions, where faults can occur in several components. The diagnosability analysis of the entire system is done in parallel by verifying the interaction of each component with the fault free versions of the other components. Furthermore, we use existing efficient methods and tools, in particular parallel LTL-X model checking based on unfoldings, for diagnosability verification.


1 Introduction 

As systems become larger, their behavior becomes more and more complex, and consequently it becomes harder to detect faults. There are cases where faults cannot be ruled out at the design stage, since they intrinsically belong to the system (they are inherent faults) or to the environment where the system is executed. Therefore, it becomes crucially important to have mechanisms in place to detect and recover from such faults when they occur.

In recent years a lot of work has been done studying inherent faults. Fault diagnosis consists in detecting abnormal behaviors of a physical system. Diagnosability is the property that gives the possibility of detecting faults within a bounded time after they occur, given a set of observations. If a system is diagnosable, it is always possible to determine whether a fault has occurred by observing the system's behavior for a sufficiently long time, and then diagnosis can find possible explanations for the given sequence of observations. Otherwise there are scenarios in which it is impossible to tell whether a fault has occurred or not, no matter how long the system is observed. Naturally, non-diagnosability usually indicates that the system should be augmented with additional sensors monitoring it.

A sound software engineering rule for building complex systems is to divide the whole system into smaller and simpler components, each performing a specific task. Moreover, they could be built by different groups of people or in different places. This means that, in general, complex systems are actually collections of simpler components running in parallel.

In this paper we propose a distributed diagnosability verification with LTL-X model checking based on Petri net unfoldings. We start by modeling components as automata, but instead of making a composition of automata we consider the complete system as a Petri net, thus taking advantage of the compactness of the representation allowed by Petri nets compared to automata. Our system is then modeled as a collection of components represented as Petri nets and synchronizing on common observable transitions. Also, we remove the assumption that a kind of fault can only occur in a single component (which is usually made in the diagnosability analysis of distributed systems), and allow the same kind of fault to occur in several components (moreover, we allow the same fault to occur in different components; an example of such a fault could be an electricity blackout, which can happen in any component independently).

Figure 1: Distribution of the diagnosability analysis.

We distribute the diagnosability analysis (which is usually done interactively: the information from local components is combined until a global verdict is reached) as shown in Figure 1, where $G_1$, $G_2$ represent two components of the system. Suppose different groups are contracted to build different components of a system. Even if each component is diagnosable, it is not always the case that the resulting system has this property. We propose a framework where each component only shares with the others a fault free version of its own (e.g. the specification of its ideal behavior). Then, each component should not only be diagnosable, but its interaction with the fault free version of the other components should also be diagnosable. We prove that if that is the case then the complete system is diagnosable, resulting in a diagnosability analysis that is distributed.

Finally, we employ the efficient LTL-X model checking based on Petri net unfolding to verify the distributed diagnosability property. Not only do we distribute the diagnosability verification, but we also employ true concurrency (or partial order) semantics to represent and to check the diagnosability property, which results in important memory savings since executions are considered as partially ordered sets of events rather than sequences.

Our approach extends the distributed diagnosability verification in the framework of automata [Ponce de Leon et al., 2013], and it uses the existing twin plant method deployed in [Madalinski and Khomenko, 2010], where PUNF [Khomenko, 2012] is applied to diagnosability verification.

The paper is organized as follows. First, we show related work in Section 2. Then, we present the formal model that we use for modeling the system together with basic notions about verification in Section 3. Section 4 introduces the notion of diagnosability and its verification, followed by the main contribution of this paper, the distributed diagnosability analysis, in Section 5. Finally, we conclude and discuss future work in Section 6.




2 Related Work 

Diagnosability was initially developed in [Sampath et al., 1995] under the setting of discrete event systems. In that paper, necessary and sufficient conditions for testing diagnosability are given. In order to test diagnosability, a special diagnoser is computed, whose complexity of construction is shown to be exponential in the number of states of the original system, and double exponential in the number of faults. Later, in [Jiang et al., 2000], an improvement of this algorithm is presented, where the so-called twin plant method is introduced and shown to have polynomial complexity in the number of states and faults. None of the previous methods consider the problem when the system is composed of components working in parallel. This setting is addressed in [Schumann and Pencolé, 2007; Debouk et al., 2000; Pencolé, 2004; Schumann and Huang, 2008], where the diagnosability analysis is performed by either local diagnosers or twin plants communicating with each other, directly or through a coordinator, and by that means pooling together the observations. [Ye and Dague, 2012] shows that, when considering only local observations, diagnosability becomes undecidable when the communication between components is unobservable. An algorithm is proposed to check a sufficient but not necessary condition of diagnosability. However, their results are based on the assumption that a fault can only occur in one of the components, an assumption that cannot always be made.

The state-based twin plant method usually suffers from the combinatorial state space explosion problem. That is, even a relatively small system specification can (and often does) yield a very large state space. To alleviate this problem, Petri net unfolding techniques appear promising. The system is modeled as a Petri net, where each transition is labelled with the performed action. A finite and complete prefix of the unfolding gives a compact representation of the whole state space. Executions are considered as partially ordered sets of transitions rather than sequences, which often results in memory savings. Since the introduction of the unfolding technique in [McMillan, 1992], it has been improved [Esparza et al., 2002], parallelized [Heljanko et al., 2002], and applied to various practical applications such as distributed diagnosis [Fabre et al., 2005] and LTL-X model checking [Esparza and Heljanko, 2001]. Also, the problem of diagnosability verification based on the twin plant method has been studied in [Madalinski and Khomenko, 2010] in the context of parallel LTL-X model checking based on Petri net unfoldings.

Figure 2: Components specifications as automata

3 Basic Notions 

Model of the system. We consider distributed systems composed of several components that communicate with each other through their shared observable actions, as diagnosability is undecidable when communication is unobservable [Ye and Dague, 2012]. The local model of a component is defined as an automaton where $Q$ is a finite set of states, $\Sigma$ is a finite set of actions, $\delta : Q \times \Sigma \to Q$ is the transition function and $q_0 \in Q$ is the initial state.

In diagnosability analysis, some of the actions of $\Sigma$ are observable while the rest are unobservable. Thus, the set of actions $\Sigma$ is partitioned as $\Sigma = \Sigma_o \uplus \Sigma_u$, where $\Sigma_o$ represents the observable actions and $\Sigma_u$ the unobservable ones. The faults to diagnose are considered unobservable, i.e. $\Sigma_F \subseteq \Sigma_u$, because faults that are observable can be easily diagnosed.

As usual in diagnosability analysis, we make the following assumptions about our systems.

Assumption 1. We only consider (live) systems, where there is a transition defined at each state, i.e. the system cannot reach a point at which no action is possible.

Assumption 2. The system does not contain cycles of unobservable actions.

Figure 2 shows four components modeled by automata $A$, $B$, $C$ and $D$ where $o_1, o_2, o_3, o_4, o_5 \in \Sigma_o$ and $u_1, u_2, u_3 \in \Sigma_u$. The special action $f \in \Sigma_F$ is the fault to be diagnosed.

The joint behavior of the system can be represented by a safe labelled Petri net. A labelled net is a tuple $N = (P, T, F, \lambda)$ where (i) $P \neq \emptyset$ is a set of places, (ii) $T \neq \emptyset$ is a set of transitions such that $P \cap T = \emptyset$, (iii) $F \subseteq (P \times T) \cup (T \times P)$ is a set of flow arcs, (iv) $\lambda : T \to \Sigma$ is a labelling function. A marking is a subset $M$ of places, i.e. $M \subseteq P$. A labelled Petri net is a tuple $\mathcal{N} = (P, T, F, \lambda, M_0)$, where (i) $(P, T, F, \lambda)$ is a finite labelled net, and (ii) $M_0 \subseteq P$ is an initial marking. Elements of $P \cup T$ are called the nodes of $\mathcal{N}$. For a transition $t \in T$, we call ${}^\bullet t = \{p \mid (p, t) \in F\}$ the preset of $t$, and $t^\bullet = \{p \mid (t, p) \in F\}$ the postset of $t$. In figures, we represent, as usual, places by empty circles; transitions by squares; $F$ by arrows; and the marking of a place $p$ by black tokens in $p$. A transition $t$ is enabled in marking $M$, written $M \xrightarrow{t}$, if $\forall p \in {}^\bullet t : M(p) > 0$. This enabled transition can fire, resulting in a new marking $M' = M - {}^\bullet t + t^\bullet$. This firing relation is denoted by $M \xrightarrow{t} M'$. A run is a sequence $\rho$ such that $M_0 \xrightarrow{t_0} M_1 \xrightarrow{t_1} \cdots \xrightarrow{t_{n-1}} M_n$ and $\sigma = \lambda(t_0)\lambda(t_1) \ldots \lambda(t_{n-1})$ is its associated trace, i.e. $trace(\rho) = \sigma$. A marking $M$ is reachable if there exists a run from $M_0$ to $M$. The set of markings reachable from $M_0$ is denoted $R(M_0)$.

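As our systems are live, we only consider infinite traces, where the infinite repetition of action $a$ is denoted by $a^\omega$. The sets of runs and traces are denoted by $run(\mathcal{N})$ and $traces^\omega(\mathcal{N})$ respectively. As only some actions are observable, the observable projection of a trace is defined as

$$obs(\sigma) = \begin{cases} \varepsilon & \text{if } \sigma = \varepsilon \\ a \cdot obs(\sigma') & \text{if } \sigma = a \cdot \sigma' \wedge a \in \Sigma_o \\ obs(\sigma') & \text{if } \sigma = a \cdot \sigma' \wedge a \in \Sigma_u \end{cases}$$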



The translation from an automaton $A$ to a labelled Petri net $\mathcal{N}_A$ is immediate: (i) places are the states of the automaton, i.e. $P = Q$; (ii) for every transition $(s, a, s') \in \delta$ we add $t$ to $T$ and set ${}^\bullet t = \{s\}$, $t^\bullet = \{s'\}$ and $\lambda(t) = a$; (iii) the initial state is the only place marked initially, i.e. $M_0 = \{q_0\}$.

The joint behavior of a system composed of automata $\{A_1, \ldots, A_n\}$ is modeled by $\mathcal{N}_{A_1} \times \cdots \times \mathcal{N}_{A_n}$, where $\times$ represents the product of labelled nets defined in [Winskel, 1985], synchronizing on shared observable transitions. The product of nets avoids the state explosion problem that usually arises in the product of automata.

Figure 3: Automata {A, B} represented as Petri nets

Figure 4: Automata {C, D} represented as Petri nets

The joint behavior of $\{A, B\}$ and $\{C, D\}$ from Figure 2 can be modeled by the corresponding Petri nets $\mathcal{N}_1 = \mathcal{N}_A \times \mathcal{N}_B$ and $\mathcal{N}_2 = \mathcal{N}_C \times \mathcal{N}_D$ of Figure 3 and Figure 4.

Consider the automata $\{A_1, \ldots, A_n\}$ and their corresponding net $\mathcal{N}$. The projection of a run on component $i$ is given by

$$P_i((q^1, \ldots, q^n)) = q^i$$

$$P_i((q^1, \ldots, q^n) \cdot t \cdot \rho') = \begin{cases} q^i \cdot t \cdot P_i(\rho') & \text{if } \exists\, \delta_i(q^i, \lambda(t)) \\ P_i(\rho') & \text{otherwise} \end{cases}$$

For $\sigma \in traces^\omega(\mathcal{N})$, we say that $\sigma_i$ is its projection on component $i$, denoted $P_i(\sigma) = \sigma_i$, if and only if $\exists \rho \in trace^{-1}(\sigma) : trace(P_i(\rho)) = \sigma_i$.

Example 1. Consider $\sigma = o_1 f o_3 u_3 o_5 \in traces^\omega(\mathcal{N}_2)$. Its projections on components $C$ and $D$ are given by $P_C(\sigma) = o_1 f o_3$ and $P_D(\sigma) = o_1 o_3 u_3 o_5$. These projections are traces of the corresponding components $C$ and $D$ from Figure 2. Note that projections of an infinite trace from the net can be finite in one component.

As the projection operator only erases actions in a trace, it is easy to see that every fault belonging to a trace of a component also belongs to the trace of the net, as shown by the following result.

Proposition 1. Let $\mathcal{N} = \mathcal{N}_{A_1} \times \cdots \times \mathcal{N}_{A_n}$, then for every $\sigma \in traces^\omega(\mathcal{N})$ with $P_i(\sigma) = \sigma_i$, if $f \in \sigma_i$ then $f \in \sigma$.

When two traces of the net have the same observability and we project them on the same component, the resulting projections also have the same observability. This result is captured by the following proposition.

Proposition 2. Consider the net $\mathcal{N} = \mathcal{N}_{A_1} \times \cdots \times \mathcal{N}_{A_n}$ and $\sigma, \alpha \in traces^\omega(\mathcal{N})$ with $P_i(\sigma) = \sigma_i$ and $P_i(\alpha) = \alpha_i$; we have that $obs(\sigma) = obs(\alpha)$ implies $obs(\sigma_i) = obs(\alpha_i)$.

Note that this result only holds because the product of nets synchronizes on the set of shared actions.


Unfolding prefixes. The unfolding of a Petri net $\mathcal{N}$ is a (potentially infinite) acyclic net that can be obtained by starting from the initial marking of $\mathcal{N}$ and successively firing its transitions, as follows: (a) for each new firing a fresh transition (called an event) is generated; (b) for each newly produced token a fresh place (called a condition) is generated. Due to its structural properties, the reachable markings of $\mathcal{N}$ can be represented using configurations of the unfolding. Intuitively, a configuration is a finite partially ordered execution, i.e. an execution where the order of firing of concurrent events is not important.

The unfolding is infinite whenever $\mathcal{N}$ has an infinite execution; however, if $\mathcal{N}$ is bounded (and thus has finitely many reachable states) then the unfolding eventually starts to repeat itself and can be truncated (by identifying a set of cut-off events) without loss of information, yielding a finite and complete prefix.


LTL-X and Büchi automata. Linear time temporal logic (LTL) [Pnueli, 1977] is a logic for specifying the properties of computations, and LTL-X is the fragment of LTL obtained by removing the next-state modality. LTL-X plays a prominent role in formal verification.

Deciding whether all computations of system $S$ satisfy $\varphi$ is equivalent to deciding whether some computation of $S$ satisfies $\neg\varphi$ [Vardi and Wolper, 1986]. Formula $\neg\varphi$ is converted into a Büchi automaton $A_{\neg\varphi}$ accepting the computations satisfying $\neg\varphi$ [Gastin and Oddoux, 2001]. Then, $S$ and $A_{\neg\varphi}$ are synchronized in such a way that the language of the resulting Büchi automaton $S \times A_{\neg\varphi}$ is the intersection of the language of $A_{\neg\varphi}$ and the set of all the possible computations of $S$. In this way one can reduce the original verification problem to checking whether the language accepted by the Büchi automaton $S \times A_{\neg\varphi}$ is empty, which can be efficiently solved.


Unfolding based LTL-X model checking. In [Esparza and Heljanko, 2001] an efficient approach to model checking LTL-X properties of Petri nets based on unfolding prefixes was proposed. Its main differences from the automata-based approach outlined above are the following. The Büchi automaton $A_{\neg\varphi}$ for the LTL-X property $\varphi$ is translated into a Petri net $\mathcal{N}_{\neg\varphi}$, called Büchi net (simply by replacing the automata states by places and automata transitions by transitions). Then its synchronization with the Petri net model of system $S$ is performed at the level of Petri nets rather than reachability graphs, resulting in another Büchi net. The synchronization is defined such that the concurrency present in $S$ is preserved as much as possible, which is important for the subsequent unfolding. Then the resulting synchronization is unfolded, and the cut-off events are defined such that the resulting finite and complete prefix can be viewed as a tableau proof, from which it is easy either to conclude that the property holds or to find a trace of $S$ violating the property. This approach can significantly outperform methods based on explicit construction of reachability graphs in the case of highly concurrent systems.

4 Diagnosability Analysis

We now present the notion of diagnosability. Informally, a fault $f \in \Sigma_F$ is diagnosable if it is possible to detect, within a finite delay, occurrences of such a fault using the record of observed actions. In other words, a fault is not diagnosable if there exist two infinite runs from the initial state with the same infinite sequence of observable actions but only one of them contains the fault.

Definition 1. A fault $f$ is diagnosable in $\mathcal{N}$ iff $\forall \sigma, \alpha \in traces^\omega(\mathcal{N})$ : $obs(\sigma) = obs(\alpha)$ and $f \in \sigma$ implies $f \in \alpha$. $\mathcal{N}$ is diagnosable, denoted by $diag(\mathcal{N})$, if and only if every fault $f \in \Sigma_F$ is diagnosable.

As automata can be seen as nets with no concurrency and diagnosability is a property that considers (sequential) runs, the above definition can also be applied to automata.

Proposition 3. Consider the automaton $A$ and its corresponding net $\mathcal{N}_A$; we have $diag(A) \Leftrightarrow diag(\mathcal{N}_A)$.

Example 2. Consider the components $A$ and $B$ from Figure 2. The only pair of traces in $A$ with the same observability are of the form foa (one for each branch from the initial state). As both traces contain the fault $f$, system $A$ is diagnosable. In the case of $B$, each observable trace corresponds to a unique run, therefore $B$ is diagnosable. Now, consider the net $\mathcal{N}_1$ from Figure 3; we can see that every trace contains a fault, therefore $\mathcal{N}_1$ is diagnosable. For net $\mathcal{N}_2$ from Figure 4 we have two traces, $o_2 u_2 o_4$ and $o_2 f u_2 o_4$, that have the same observability, but one of them contains a fault and the other does not, therefore $\mathcal{N}_2$ is not diagnosable.

The product of automata is usually much bigger than the product of their corresponding nets, as every possible interleaving is constructed; however, there is an isomorphism between their runs [Baldan et al., 2010] and we have the following result.

Proposition 4. Let $\{A_1, \ldots, A_n\}$ be a set of automata, then $diag(A_1 \times \cdots \times A_n) \Leftrightarrow diag(\mathcal{N}_{A_1} \times \cdots \times \mathcal{N}_{A_n})$.

We can now exploit the concurrency of the system and analyze its diagnosability by the verification of Petri nets.


LTL-X model checking for non-diagnosability. The diagnosability property is verified using LTL-X model checking based on Petri net unfoldings [Madalinski and Khomenko, 2010]. The verifier $\mathcal{V}$ is built with respect to a fault $f$ by synchronizing two replicas of $\mathcal{N}$ on the observable transitions. Note that for efficiency reasons one replica does not consider the fault.

Intuitively, the two replicas are put side-by-side, and then each observable transition in the first replica is fused with each transition in the second replica that has the same label (each fusion produces a new transition, and the original observable transitions are removed). One can see that there is a one-to-one correspondence between the traces of $\mathcal{V}$ and pairs of traces of $\mathcal{N}$ with the same projections on the set of observable actions.

As explained above, given the verifier $\mathcal{V}$, checking the complement $\overline{diag}$ of the diagnosability property can be reduced to checking the existence of an infinite trace of $\mathcal{V}$ containing an occurrence of $f$. In LTL-X it can be expressed as $\overline{diag} = \Diamond f$, where $\Diamond$ is the modality eventually.

Example 3. The verifier $\mathcal{V}_2^D$ of the net $\mathcal{N}_2^D$ (presented in the next section, see Figure 7) is depicted in Figure 5. The superscript is used to distinguish nodes belonging to each copy of $\mathcal{N}_2^D$, e.g. there are two copies of $u_2$ in $\mathcal{V}_2^D$, $u_2^1$ and $u_2^2$; the fusion transitions do not have superscripts: they are considered 'common'. The infinite trace $o_2 f^1 u_2^1 u_2^2 o_4$ of $\mathcal{V}_2^D$ satisfies the $\overline{diag}$ property. This trace of $\mathcal{V}_2^D$ corresponds to the pair of traces $o_2 f u_2 o_4$ and $o_2 u_2 o_4$ of $\mathcal{N}_2^D$, constituting a witness of diagnosability violation.

5 Distributing the Diagnosability Analysis 

In this section we present a method that allows us to decide the diagnosability of a distributed system in terms of the diagnosability of each faulty component interacting with fault free versions of the remaining ones. These diagnosability analyses can be done in parallel.

Figure 5: Verifier of

For testing the diagnosability of a fault $f \in \Sigma_F$ in a net $\mathcal{N} = \mathcal{N}_{A_1} \times \cdots \times \mathcal{N}_{A_n}$, we consider a component $i$ and compose it with fault free versions of the others; we denote such a net as $\mathcal{N}^i$. These fault free versions may be taken as the specification of each component, when provided, or can be computed by removing the fault $f$ in the net of such a component using Algorithm 1 and considering it as the correct behavior of the system.


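Algorithm 1

Require: A Petri net $\mathcal{N} = (P, T, F, M_0, \lambda)$
Ensure: An $f$-fault free version of $\mathcal{N}$

    $P' := M_0$, $T' := \emptyset$, $P := P \setminus M_0$
    while $\exists t \in T \setminus T' : {}^\bullet t \subseteq P'$ do
        if $\lambda(t) \neq f$ then
            $P' := P' \cup t^\bullet$
            $T' := T' \cup \{t\}$
        end if
        $T := T \setminus \{t\}$
    end while
    $F' := F \cap ((P' \times T') \cup (T' \times P'))$
    $\lambda' := \lambda|_{T'}$
    return $\mathcal{N}_{-f} = (P', T', F', M_0, \lambda')$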


We now consider the net $\mathcal{N}^i$ composed of component $\mathcal{N}_{A_i}$ and the fault free versions of $\mathcal{N}_{A_j}$ for $j \neq i$. Figure 6 shows the four components after removing fault $f$ and Figure 7 shows the product nets obtained after these reductions.

Example 4. Let us consider the nets from Figure 7. System $\mathcal{N}_1$ is trivially diagnosable. In the case of $\mathcal{N}_2^C$, it is easy to see that the observable traces are of the form $o_3$, but all traces containing $o_3$ also contain $f$ and therefore $\mathcal{N}_2^C$ is also diagnosable. Traces $o_2 u_2 o_4$ and $o_2 f u_2 o_4$ of net $\mathcal{N}_2^D$ have the same observability, but one contains a fault and the other does not. We can conclude that $\mathcal{N}_2^D$ is not diagnosable. This result is consistent with the one obtained by the verifier in Example 3.

Figure 6: Components after removing their faults

Figure 7: Nets after removing faults in some components

Clearly the traces of $\mathcal{N}^i$ are those of $\mathcal{N}$ whose projections on every $A_j$ are fault free for $j \neq i$.

Proposition 5. Let $\mathcal{N}$ be a net, then $\sigma \in traces^\omega(\mathcal{N}^i)$ iff $\sigma \in traces^\omega(\mathcal{N}) \wedge \forall j \neq i, \sigma_j : P_j(\sigma) = \sigma_j \Rightarrow f \notin \sigma_j$.

The following result states necessary conditions for the diagnosability of $\mathcal{N}$, i.e. the non-diagnosability of $\mathcal{N}^i$ for some $i$ implies the non-diagnosability of $\mathcal{N}$.

Theorem 1. Consider the net $\mathcal{N}$, then

$$diag(\mathcal{N}) \Rightarrow \bigwedge_{i=1}^{n} diag(\mathcal{N}^i)$$

Proof. Let us assume that $\neg diag(\mathcal{N}^i)$ for some $i$; then there exist $\sigma, \alpha \in traces^\omega(\mathcal{N}^i)$ and $f$ such that $obs(\sigma) = obs(\alpha)$ with $f \in \sigma$, but $f \notin \alpha$. We know from Proposition 5 that every trace in $\mathcal{N}^i$ is a trace in $\mathcal{N}$, so we have found two traces of $\mathcal{N}$ with the same observability, one containing a fault and the other one not. Therefore $\mathcal{N}$ is non-diagnosable.















Example 5. We see in Example 4 that $\mathcal{N}_2^D$ is non-diagnosable. Using Theorem 1 we can conclude that $\mathcal{N}_2$ is non-diagnosable, which is consistent with the diagnosability analysis made in Example 2.

As explained above, the idea is to build a diagnosable component and to test that its interaction with the other fault free components is also diagnosable. We can then decide the diagnosability of $\mathcal{N} = \mathcal{N}_{A_1} \times \cdots \times \mathcal{N}_{A_n}$ in terms of the diagnosability of $A_i$ and $\mathcal{N}^i$.

Theorem 2. Let $\mathcal{N} = \mathcal{N}_{A_1} \times \cdots \times \mathcal{N}_{A_n}$, then

$$\bigwedge_{i=1}^{n} \left( diag(A_i) \wedge diag(\mathcal{N}^i) \right) \Rightarrow diag(\mathcal{N})$$

Proof. Let us assume that we have a fault $f \in \Sigma_F$ and $\sigma, \alpha \in traces^\omega(\mathcal{N})$ with $f \in \sigma$ and $obs(\sigma) = obs(\alpha)$; we need to prove that $f \in \alpha$. Consider the following cases:

1. if $\sigma, \alpha \in traces^\omega(\mathcal{N}^i)$ we can prove by the diagnosability of $\mathcal{N}^i$ that $f \in \alpha$ and then $\mathcal{N}$ is diagnosable,

2. if $\alpha \notin traces^\omega(\mathcal{N}^i)$, using the hypothesis that $\alpha \in traces^\omega(\mathcal{N})$, we can apply Proposition 5 and obtain that $\exists \alpha_i : P_i(\alpha) = \alpha_i \wedge f \in \alpha_i$. By Proposition 1 we know that every fault belonging to a projection also belongs to the trace in the net, then $f \in \alpha$ and $\mathcal{N}$ is diagnosable,

3. if $\alpha \in traces^\omega(\mathcal{N}^i)$ and $\sigma \notin traces^\omega(\mathcal{N}^i)$ we know by Proposition 5 that $\forall \alpha_i : P_i(\alpha) = \alpha_i$ and $f \notin \alpha_i$, and also that $\exists \sigma_i : P_i(\sigma) = \sigma_i$ with $f \in \sigma_i$. As $obs(\sigma) = obs(\alpha)$ we have that $obs(\sigma_i) = obs(\alpha_i)$ by Proposition 2. Finally, as $A_i$ is diagnosable and $f \in \sigma_i$, the fault should belong to $\alpha_i$, leading to a contradiction. We can conclude that $\mathcal{N}$ is diagnosable.
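
As an added illustration (not code from the paper, its authors or the PUNF tool), the following Python example implements Algorithm 1, the product synchronizing on shared observable labels, and an explicit-state twin-plant check of Definition 1, then evaluates the premises of Theorem 2 on constructed nets. It explores reachability graphs instead of unfolding prefixes, so it is not the LTL-X procedure of [Madalinski and Khomenko, 2010]; the nets A, B, B2 and all function names are assumptions made for the example.

```python
from itertools import product as pairs

# A safe labelled Petri net is (transitions, initial marking); a transition is
# (preset, label, postset). Every net in this block is a constructed sample.
def net(m0, *ts):
    return ([(frozenset(a), l, frozenset(b)) for a, l, b in ts], frozenset(m0))

def remove_fault(n, fault):
    """Algorithm 1: keep what is reachable without firing `fault`."""
    ts, m0 = n
    places, kept, todo, progress = set(m0), [], list(ts), True
    while progress:
        progress = False
        for t in [t for t in todo if t[0] <= places]:  # preset inside P'
            todo.remove(t)
            progress = True
            if t[1] != fault:
                places |= t[2]
                kept.append(t)
    return (kept, m0)

def product(n1, n2, sync):
    """Product of nets: transitions labelled in `sync` are fused pairwise."""
    (t1, m1), (t2, m2) = n1, n2
    ts = [t for t in t1 + t2 if t[1] not in sync]
    ts += [(a | c, l, b | d) for (a, l, b), (c, k, d) in pairs(t1, t2)
           if l == k and l in sync]
    return (ts, m1 | m2)

def fire(m, ts):  # (label, successor marking) of each transition enabled in m
    return [(l, (m - a) | b) for a, l, b in ts if a <= m]

def diagnosable(n, fault, observable):
    """Explicit-state twin plant: replica 1 may fail, replica 2 never does."""
    ts, m0 = n
    good = [t for t in ts if t[1] != fault]
    def succ(state):
        m1, m2, seen = state
        out = [(x, m2, seen or l == fault)
               for l, x in fire(m1, ts) if l not in observable]
        out += [(m1, y, seen) for l, y in fire(m2, good) if l not in observable]
        out += [(x, y, seen) for (l, x), (k, y) in pairs(fire(m1, ts), fire(m2, good))
                if l == k and l in observable]
        return out
    reach, stack = {(m0, m0, False)}, [(m0, m0, False)]
    while stack:
        for s in succ(stack.pop()):
            if s not in reach:
                reach.add(s)
                stack.append(s)
    # Faulty states that can run forever are witnesses (Assumption 2: no silent cycles).
    alive = {s for s in reach if s[2]}
    while True:
        dead = {s for s in alive if not any(t in alive for t in succ(s))}
        if not dead:
            return not alive
        alive -= dead

def premises(components, fault, observable, sync):
    """Per component i: diag(A_i) and diag(N^i), N^i = A_i x fault-free others."""
    out = []
    for i, comp in enumerate(components):
        n_i = comp
        for other in components[:i] + components[i + 1:]:
            n_i = product(n_i, remove_fault(other, fault), sync)
        out.append(diagnosable(comp, fault, observable)
                   and diagnosable(n_i, fault, observable))
    return out

OBS = {"o1", "o2", "o3"}
A = net({"a0"}, ({"a0"}, "f", {"a1"}), ({"a0"}, "u1", {"a2"}),
        ({"a1"}, "o1", {"a1"}), ({"a2"}, "o2", {"a2"}))
B = net({"b0"}, ({"b0"}, "o1", {"b0"}), ({"b0"}, "o2", {"b0"}),
        ({"b0"}, "f", {"b1"}), ({"b1"}, "o3", {"b1"}))
B2 = net({"b0"}, ({"b0"}, "o3", {"b0"}))  # shares no action with A

if __name__ == "__main__":
    for comps, sync in (([A, B], {"o1", "o2"}), ([A, B2], set())):
        whole = product(comps[0], comps[1], sync)
        print(premises(comps, "f", OBS, sync), diagnosable(whole, "f", OBS))
```

With A and B, where the same fault f can occur in both components, every premise holds and the whole net is diagnosable. With A and B2 each component is diagnosable on its own, but A composed with B2 is not, and neither is the whole net.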

6 Conclusions 

We have presented a framework for the distributed diagnosability analysis of concurrent systems. We remove the assumption that a kind of fault can only occur in a single component (which is usually made in faulty distributed systems) and thereby allow more general systems to be analyzed. The method presented in this paper is a continuation of [Ponce de Leon et al., 2013], which, to the best of our knowledge, is the first method that allows the diagnosability analysis to be done in a parallelized manner. Thus, a component can do the diagnosability analysis independently of other components, even when the other components are not yet ready. Furthermore, we employ LTL-X model checking based on Petri net unfolding to test diagnosability, which has been proven to be very efficient.

We plan to try to reduce the system in order to obtain minimal components from which we can infer the diagnosability of the original global system. In addition, we intend to relax the assumption that the communicating (synchronizing) events are observable. Moreover, we aim to apply our framework to other diagnosability related properties such as predictability.